Vulnerabilities > CVE-2006-4477 - Remote File Include vulnerability in Visualshapers Ezcontents 2.0.3

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
visualshapers
exploit available
NVD
Published: 2006-08-31
Updated: 2018-10-17

Summary

Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ezContents 2.0.3 allow remote attackers to execute arbitrary PHP code via an empty GLOBALS[rootdp] parameter and an ftps URL in the (1) GLOBALS[admin_home] parameter in (a) diary/event_list.php, (b) gallery/gallery_summary.php, (c) guestbook/showguestbook.php, (d) links/showlinks.php, and (e) reviews/review_summary.php; and the (2) GLOBALS[language_home] parameter in (f) calendar/calendar.php, (g) news/shownews.php, (h) poll/showpoll.php, (i) search/search.php, (j) toprated/toprated.php, and (k) whatsnew/whatsnew.php.

Vulnerable Configurations

Part Description Count
Application
Visualshapers
1

Exploit-Db

  • descriptionezContents 2.0.3 shownews.php GLOBALS[admin_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform
    idEDB-ID:28458
    last seen2016-02-03
    modified2006-08-30
    published2006-08-30
    reporterDarkFig
    sourcehttps://www.exploit-db.com/download/28458/
    titleezContents 2.0.3 - shownews.php GLOBALSadmin_home Parameter Remote File Inclusion
  • descriptionezContents 2.0.3 toprated.php GLOBALS[language_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform
    idEDB-ID:28462
    last seen2016-02-03
    modified2006-08-30
    published2006-08-30
    reporterDarkFig
    sourcehttps://www.exploit-db.com/download/28462/
    titleezContents 2.0.3 - toprated.php GLOBALSlanguage_home Parameter Remote File Inclusion
  • descriptionezContents 2.0.3 event_list.php GLOBALS[admin_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform
    idEDB-ID:28453
    last seen2016-02-03
    modified2006-08-30
    published2006-08-30
    reporterDarkFig
    sourcehttps://www.exploit-db.com/download/28453/
    titleezContents 2.0.3 - event_list.php GLOBALSadmin_home Parameter Remote File Inclusion
  • descriptionezContents 2.0.3 gallery_summary.php GLOBALS[admin_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform
    idEDB-ID:28455
    last seen2016-02-03
    modified2006-08-30
    published2006-08-30
    reporterDarkFig
    sourcehttps://www.exploit-db.com/download/28455/
    titleezContents 2.0. - gallery_summary.php GLOBALSadmin_home Parameter Remote File Inclusion
  • descriptionezContents 2.0.3 review_summary.php GLOBALS[admin_home] Parameter Remote File Inclusion. CVE-2006-4477 . Webapps exploit for php platform
    idEDB-ID:28460
    last seen2016-02-03
    modified2006-08-30
    published2006-08-30
    reporterDarkFig
    sourcehttps://www.exploit-db.com/download/28460/
    titleezContents 2.0.3 - review_summary.php GLOBALSadmin_home Parameter Remote File Inclusion
  • descriptionezContents 2.0.3 search.php GLOBALS[language_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform
    idEDB-ID:28461
    last seen2016-02-03
    modified2006-08-30
    published2006-08-30
    reporterDarkFig
    sourcehttps://www.exploit-db.com/download/28461/
    titleezContents 2.0.3 - search.php GLOBALSlanguage_home Parameter Remote File Inclusion
  • descriptionezContents 2.0.3 showlinks.php GLOBALS[admin_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform
    idEDB-ID:28457
    last seen2016-02-03
    modified2006-08-30
    published2006-08-30
    reporterDarkFig
    sourcehttps://www.exploit-db.com/download/28457/
    titleezContents 2.0.3 - showlinks.php GLOBALSadmin_home Parameter Remote File Inclusion
  • descriptionezContents 2.0.3 showpoll.php GLOBALS[admin_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform
    idEDB-ID:28459
    last seen2016-02-03
    modified2006-08-30
    published2006-08-30
    reporterDarkFig
    sourcehttps://www.exploit-db.com/download/28459/
    titleezContents 2.0.3 - showpoll.php GLOBALSadmin_home Parameter Remote File Inclusion
  • descriptionezContents 2.0.3 calendar.php GLOBALS[language_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform
    idEDB-ID:28454
    last seen2016-02-03
    modified2006-08-30
    published2006-08-30
    reporterDarkFig
    sourcehttps://www.exploit-db.com/download/28454/
    titleezContents 2.0.3 - calendar.php GLOBALSlanguage_home Parameter Remote File Inclusion
  • descriptionezContents 2.0.3 showguestbook.php GLOBALS[admin_home] Parameter Remote File Inclusion. CVE-2006-4477. Webapps exploit for php platform
    idEDB-ID:28456
    last seen2016-02-03
    modified2006-08-30
    published2006-08-30
    reporterDarkFig
    sourcehttps://www.exploit-db.com/download/28456/
    titleezContents 2.0.3 - showguestbook.php GLOBALSadmin_home Parameter Remote File Inclusion

References